Complex and connected business computer systems are a valuable target for attackers trying to infiltrate and manipulate core processes of companies. User accounts that have been compromised by targeted attacks and/or social engineering as well as malicious insiders can lead to a situation in which even valid and authenticated system users should not be trusted unconditionally. In such an environment, application level intrusion detection systems become increasingly important as an additional line of defense which alerts administrators to unusual behavior in their systems.